[Samba] changing passwords from Windows XP Pro workstations

Gary Dale garydale at torfree.net
Thu Mar 30 19:31:34 GMT 2006

simo wrote:

>On Wed, 2006-03-29 at 23:33 -0500, Gary Dale wrote:
>>OK, the logs aren't quite silent. Here's one when I tried to change my 
>>password from a workstation (the log fragment is from 
>>samba/log.<netbiosname> - log.nmbd and log.smbd are silent for the 
>>period). This time it came back with "you do not have permission to 
>>change your password" after only a few seconds. The other passwords I've 
>>been trying to change (and this password in previous attempts) have gone 
>>away for more than 15 minutes before the dialogue box closed (without 
>>changing the password):
>Log level 0 is not that useful, you may raise it to 3 or 5 and see what
>error is returned on a password change.
>Anyway, for some masochistic reason I took the time to go back and see
>your recent postings and ... well man, you really need to take a breath.
>All your attempts to set up samba with LDAP have failed just because you
>do not understand the openLdap ACL model and, more simply, you failed to
>do basic things like defining the same dn as ldap manager in slapd.conf
>and smb.conf (as the documentation clearly states).
>Anyway you got back to tdbsam, fine, it is the simpler option.
>Now can you check the smb.conf you posted earlier today and:
>1. Raise the log level
>2. comment out "password program", "password chat" and "unix password
>sync" so that we are sure they are not set up wrongly
>3. tell me how "add group script" and "add user to group script" can
>possibly ever work (unless the text of the conf has been mangled the
>first misses the only meaningful parameter which is the group name and
>the second has a wild back tick ...)
>And then also "invalid users" and "admin users" are in conflict about
>root and printing is set to cups yet you try to define a mysterious "lpq
>command = %p"
>I agree that one not need to be a developer to set up things, but at
>least, please, check carefully the configuration file AND the logs
>before shouting against the hard work of other people and claiming the
>documentation is wrong.
Thanks Simo. It really is better to light one candle than to curse the 

re. 1) At various times I did have admin in both files and at others it 
was samba in both. That didn't work either.

re. 2) my current problem: your suggestion #2 worked. When "unix passwd 
synch" is commented out, I was able to change my Samba password. When it 
was set to "Yes", the password synch took forever, then failed silently. 
It looks like there is an issue with changing the Unix/Linux password 
that I have to resolve. It appears also that Windows may be waiting for 
a response such as is included in the passwd chat in By Example's 
"Example 3.4. 130 User Network with //tdbsam// [globals] Section". When 
I included the response, the Windows dialogue failed fairly quickly.

Possibly (probably) it an issue with the group script problems you 
identified. I'll work on it.

Also, I never said the documentation was wrong, just not perfect. I also 
said I don't personally like the style it's written in. RTFM is rarely a 
useful response to anything except the most basic problems. :)

Anyway, as proof that even bright and knowledgeable people miss things, 
your suggestions have got me further than my previous exchange with 
Jeremy Allison.  :)

I'm not going to send you the log file since I gather that people here 
have lost interest in my postings (I have a keen grasp of the obvious, 
to borrow a phrase Gary Trudeau used a few decades ago). Besides, you 
and Craig have given me enough help to follow through myself.

So again thanks. Much appreciated!

More information about the samba mailing list